﻿
using OpenIddict.Abstractions;
using Volo.Abp.DependencyInjection;

namespace Demo.AuthService.Services
{

    /// <summary>
    /// 创建和管理应用*(动态Api)
    /// </summary>
    [Dependency(ServiceLifetime.Singleton)]
    public class ApplicationsService : IApplicationsService
    {

        public IOpenIddictApplicationManager _applicationManager { set; get; }

        /// <summary>
        /// 创建客户端应用
        /// </summary>
        /// <param name="ClientId">客户端ID</param>
        /// <param name="ClientSecret">客户端密码</param>
        /// <param name="DisplayName">微服务显示名称</param>
        /// <param name="serviceName">微服务名称</param>
        /// <returns></returns>
        public async Task CreateAsync(string ClientId, string ClientSecret,string DisplayName,string serviceName)
        {
            // 客户端配置
            if (await _applicationManager.FindByClientIdAsync(ClientId) == null)
            {
                await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
                {
                    ClientId = ClientId,
                    ClientSecret = ClientSecret,
                    ConsentType = OpenIddictConstants.ConsentTypes.Explicit,
                    DisplayName = DisplayName,
                    PostLogoutRedirectUris =
                    {
                        new Uri("https://localhost:44302/signout-callback-oidc"),
                        new Uri("http://localhost:4200")
                    },
                    RedirectUris =
                    {
                        new Uri("https://localhost:44302/signin-oidc"),
                        new Uri("http://localhost:4200")
                    },
                    // 具体的权限
                    Permissions =
                    {
                        OpenIddictConstants.Permissions.Endpoints.Authorization,
                        OpenIddictConstants.Permissions.Endpoints.Token,
                        OpenIddictConstants.Permissions.Endpoints.Device,
                        OpenIddictConstants.Permissions.Endpoints.Introspection,
                        OpenIddictConstants.Permissions.Endpoints.Revocation,
                        OpenIddictConstants.Permissions.Endpoints.Logout,

                        OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
                        OpenIddictConstants.Permissions.GrantTypes.Implicit,
                        OpenIddictConstants.Permissions.GrantTypes.Password,
                        OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
                        OpenIddictConstants.Permissions.GrantTypes.DeviceCode,
                        OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
                        OpenIddictConstants.Permissions.Prefixes.GrantType,

                        OpenIddictConstants.Permissions.ResponseTypes.Code,
                        OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken,
                        OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken,
                        OpenIddictConstants.Permissions.ResponseTypes.CodeToken,
                        OpenIddictConstants.Permissions.ResponseTypes.IdToken,
                        OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken,
                        OpenIddictConstants.Permissions.ResponseTypes.None,
                        OpenIddictConstants.Permissions.ResponseTypes.Token,



                        OpenIddictConstants.Permissions.Scopes.Roles,
                        OpenIddictConstants.Permissions.Scopes.Profile,
                        OpenIddictConstants.Permissions.Scopes.Email,
                        OpenIddictConstants.Permissions.Scopes.Address,
                        OpenIddictConstants.Permissions.Scopes.Phone,
                        OpenIddictConstants.Permissions.Prefixes.Scope + serviceName // 测试授权服务
                    }
                });
            }
        }
    }
}
